EMPIRESX[.]EXE

Sharing

Copy URL Twitter E-mail

General

Target

EMPIRESX.EXE
Size

1.4MB
MD5

140bda90145182966acf582b28a4c8ef
SHA1

647fc818072059723aca3999f1287ad86a9a00cc
SHA256

88ca68e259d0f738b2d71c561bc93a3bfb5ee82896b916c2e74722e75cda386d
SHA512

4fab4566cd2faad7707d77c767fa309650c6ffc8ec5c8231395537de6aa64fd37146be9daa7cd56d27945ff0f108aa0101574c50e1eb6824e2bef2f39acbb794
SSDEEP

24576:X5ulFtLk8z/okavoA//MZHHpiyiKbksIN1PijQp5RYxqh:JulDJAVtMp/4sIN1uUR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EMPIRESX.EXE

Files

EMPIRESX.EXE
.exe windows:4 windows x86 arch:x86

e22c63f643c28ea81af57d221f846b57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

FindFirstFileA
FileTimeToSystemTime
WinExec
OutputDebugStringA
VirtualFree
GetTempPathA
GetTempFileNameA
UnmapViewOfFile
CreateFileA
CreateFileMappingA
MapViewOfFile
CompareStringA
IsDBCSLeadByte
GetVersionExA
FindClose
GetProcAddress
_llseek
_lread
GlobalAlloc
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
GlobalFree
_hread
_lclose
GetLastError
UnhandledExceptionFilter
HeapSize
GetModuleFileNameA
GetVolumeInformationA
MulDiv
SetEnvironmentVariableA
WriteFile
SetFilePointer
GetFileType
ReadFile
FileTimeToLocalFileTime
FindNextFileA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
DeleteFileA
HeapFree
HeapAlloc
RtlUnwind
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringW
GetCPInfo
GetFullPathNameA
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WideCharToMultiByte
FlushFileBuffers
SetHandleCount
GetStdHandle
RaiseException
ReleaseMutex
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
CreateMutexA
SetStdHandle
SetEndOfFile
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
OpenFile
GlobalMemoryStatus
LoadLibraryA
FreeLibrary
CloseHandle
GetDriveTypeA

user32

GetMessageA
PeekMessageA
FindWindowA
DestroyWindow
InvalidateRect
DispatchMessageA
TranslateMessage
CharUpperA
RegisterClassA
LoadIconA
UpdateWindow
SetWindowPos
GetClientRect
GetWindowRect
CreateWindowExA
GetSystemMetrics
DefWindowProcA
GetKeyState
ReleaseDC
GetDC
BringWindowToTop
GetLastActivePopup
LoadStringA
SetForegroundWindow
IsIconic
GetUpdateRect
ValidateRect
FillRect
ScreenToClient
GetCursorPos
SetClassLongA
SetCursor
GetWindowTextA
GetKeyboardState
GetAsyncKeyState
GetForegroundWindow
DrawTextA
IsClipboardFormatAvailable
SendMessageA
SystemParametersInfoA
ShowWindow
SetFocus
SetTimer
LoadCursorA
OpenClipboard
GetClipboardData
CloseClipboard
GetCaretBlinkTime
DrawTextExA
CallWindowProcA
MoveWindow
GetFocus
MessageBeep
GetWindowLongA
SetSysColors
GetSysColor
SetCursorPos
MessageBoxA
SetRect
ClientToScreen
WinHelpA
GetActiveWindow
PostMessageA
SetWindowLongA
GetCapture
ReleaseCapture
SetCapture
SetWindowTextA
KillTimer
PostQuitMessage
GetWindowThreadProcessId

gdi32

CreatePalette
GetPaletteEntries
GetDeviceCaps
GetTextMetricsA
SelectObject
CreateFontIndirectA
GetStockObject
RealizePalette
SelectPalette
DeleteDC
CreateICA
GetObjectA
DeleteObject
GetNearestPaletteIndex
SetPaletteEntries
ResizePalette
GetSystemPaletteEntries
CreateRectRgn
SelectClipRgn
TextOutA
SetTextColor
GetTextExtentPoint32A
SetBkMode
SetBkColor
LineTo
MoveToEx
CreatePen

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

dplayx

ord1
ord4
ord2

dsound

ord1

ddraw

DirectDrawCreate

winmm

mixerGetLineControlsA
mixerGetControlDetailsA
mixerClose
mixerGetLineInfoA
timeKillEvent
timeEndPeriod
timeBeginPeriod
timeSetEvent
mixerSetControlDetails
mixerOpen
mmioGetInfo
mmioAdvance
mmioSetInfo
mmioOpenA
mmioDescend
mmioRead
mmioAscend
mciSendCommandA
timeGetTime
mixerGetNumDevs
mciGetErrorStringA
mmioClose
mmioSeek

imm32

ImmReleaseContext
ImmNotifyIME
ImmGetContext
ImmAssociateContext
ImmSetOpenStatus

msvfw32

ICInfo
MCIWndCreateA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

wsock32

WSAStartup
gethostbyname
gethostname
WSACleanup

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

THIS_COD
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

THIS_DAT
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Inf32Dat
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e22c63f643c28ea81af57d221f846b57

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

dplayx

dsound

ddraw

winmm

imm32

msvfw32

ole32

wsock32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

THIS_COD Size: 44KB - Virtual size: 42KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 56KB - Virtual size: 2.5MB

THIS_DAT Size: 4KB - Virtual size: 144B

Inf32Dat Size: 44KB - Virtual size: 43KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 1.2MB - Virtual size: 1.2MB

THIS_COD
Size: 44KB - Virtual size: 42KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 56KB - Virtual size: 2.5MB

THIS_DAT
Size: 4KB - Virtual size: 144B

Inf32Dat
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 4KB - Virtual size: 3KB